Manager, Security Engineering

WHO WE ARE

ActBlue is a nonprofit organization dedicated to creating cutting-edge technology that fuels Democratic victories and enables progressive causes to thrive. 

Our vision is simple: building change through the power of people. Since our founding, we’ve been building innovative solutions to revolutionize grassroots fundraising – if you’ve donated to a Democratic campaign or a progressive organization online, you’ve probably used our platform! We believe in putting power in the hands of small-dollar donors by helping thousands of groups — from local candidates to national movements — mobilize their communities and create a lasting impact. Every member of our team is deeply committed to advancing our shared mission and core values. Together, we are shaping the future of democracy. 

THE OPPORTUNITY

The Security & Integrity department at ActBlue works to protect from threat actors that might target ActBlue, our donors, or the campaigns and organizations that fundraise on our platform. Our security program is anchored in empathy for our stakeholders, which is a primary value for our team.

We are looking for an Engineering Manager, Security to help lead our Security team. This is a role that demands a diverse skillset, you will directly manage a team of security engineers while maintaining deep hands-on involvement in security related work. You will partner with the Sr. Director of Security and Integrity to own the security team’s strategic roadmap, drive cross-functional partnerships with Engineering, Legal, IT, and your peers in Payments and Fraud helping the team to manage both day to day work and improvement of Act Blue’s security program.

The ideal candidate brings both strong managerial depth helping teams to plan and execute tactically as well as deep technical depth in security engineering and a genuine passion for developing people. You’ll help set the technical direction for the team, ensure we’re building the right capabilities to defend ActBlue, and create an environment where security engineers thrive and grow in their careers and skills.

WHAT YOU WILL DO

• Team Leadership & Development: Mentoring, and growing security engineers. This includes running 1:1s, career development planning, performance reviews, and building a culture of continuous learning around evolving threats and technologies.
• Security Execution: Partnering with engineers on your team and the Sr. Director of Security and Integrity you’ll define and prioritize the team's quarterly and annual security initiatives, aligning them with business objectives and frameworks like NIST CSF, CIS Controls, or SOC 2. Translating risk assessments into actionable engineering work.
• Routinely you’ll run daily standups with the team and help the team plan, coordinate, and shepherd tactical work to be done.
• Cross-Functional Collaboration: Partnering with Platform, SRE, Legal, IT, Compliance, and Product teams to embed security into the SDLC, incident response processes, and vendor management workflows. 
• Incident Response & Preparedness: You’ll help the team to maintain the Security incident response program: runbooks, running tabletop exercises, on call schedules, and ensuring timely response to alerts and events.
• Product and Cloud Security: Drive product security practices and cloud security posture across our AWS infrastructure, ensuring secure architecture, configuration, and continuous monitoring of our production environments.
• Vulnerability & Risk Management: Overseeing application security testing (SAST, DAST, SCA), penetration testing programs (including bug bounty), and ensuring vulnerabilities are triaged, prioritized, and remediated within SLA.
• Defining and tracking KPIs (mean time to detect/respond, vulnerability remediation rates, coverage metrics) and reporting security posture to executive stakeholders.
• Corporate Security: Partnering with IT, you and the team will help ensure strong protections in corporate security including spam, EDR, and device security is mature and well executed.
• Vendor & Third-Party Risk: Helping the team evaluating security vendors, and overseeing third-party risk assessments.
• Budget & Resource Planning: In coordination with the other department managers; manage the security budget, justifying tooling spend, headcount requests.

WHAT YOU BRING

• 5–7 years managing a team of security engineers or similarly technical ICs. Demonstrated experience with hiring pipelines, structured interview loops, performance calibration, performance, and career laddering. 
• Comfortable running daily standups and weekly 1:1s as core rituals, not afterthoughts.
• Familiar with translating frameworks like NIST CSF or CIS Controls into quarterly OKRs and sprint-level work. 
• Hands-on experience building or maturing a security program at a mid-size or growth-stage organization. 
• Experience overseeing AppSec tooling (SAST, DAST, SCA, Container Scanning, Secrets) and programs like penetration testing or bug bounty. 
• You know how to set remediation SLAs and hold engineering teams accountable to them without creating adversarial relationships.
• A background working with or managing engineers who build and tune detections in a SIEM, manage alert pipelines, and reduce noise
• You understand the operational side of security monitoring — not just deploying tools but making them effective.
• Experience running an AI forward team of engineers. You’ll know how to find quick solutions to problems and you’ll help the team to similarly seek out speed and quality of execution via AI related tooling.
• A track record of working across engineering, SRE, platform, IT, and legal orgs. 
• You can navigate competing priorities and translate security requirements into language that product and platform teams will act on.
• You have deep familiarity with cloud security (AWS), Application Security (particularly web native apps and authentication),  endpoint security (EDR), email security (anti-spam/phishing), and device management.
• Experience evaluating security vendors, running third-party risk assessments.
• You have defined and reported on security KPIs like MTTD, MTTR, vulnerability aging, and coverage metrics. 
• Demonstrated domain expertise in one or more core security domains and secondary specializations, (e.g. infrastructure security, application security, corporate IT security, security operations)

WHAT YOU'LL BE WORKING WITH

• Dev stack: Ruby on Rails, React, PostgreSQL, Node.js, Redis
• Infra stack: Amazon Web Services, K8s
• Business Systems: Gsuite, Okta, Github, Atlassian, Netsuite, Hubspot

WORK & BENEFITS SNAPSHOT

This posting is for a full-time, remote, salaried position. Travel may be required on a limited basis to attend all-staff and departmental retreats (1-2 times per year). Additional travel may be required for select positions. 

Registered States*: Arizona, California, Colorado, Connecticut, Florida, Georgia, Hawaii, Illinois, Maryland, Massachusetts, Michigan, Minnesota, Missouri, New Hampshire, New Jersey, New York, North Carolina, North Dakota, Ohio, Oregon, Pennsylvania, Rhode Island, South Carolina, Texas, Utah, Vermont, Virginia, Washington, Wisconsin, and Washington D.C.

*While ActBlue is currently registered to support remote work in the states listed above, we possess the ability to register in additional states as needed. If you are located in a state not listed, we may still be able to proceed with your application, but please note that the offer process may take longer to accommodate registration requirements.

Work Schedule: 

This role requires availability during established, regular business hours (Mon-Fri) and is expected to be a part of an on-call rotation which will result in working nontraditional hours as needed.

Work Environment: 

Employees can expect to work with distributed teams across all U.S. time zones. Our roles require extended technology usage, and proficiency with virtual communication tools such as Zoom and Slack. Regular attendance in virtual meetings is inherent to every position.

Salary Range Details:

Salary Range: $173,676 - $192,209 - $210,741

ActBlue is committed to consistent compensation practices across our organization. Final salary offers will take into account factors such as candidate experience, interview performance and current team salary parity. 

Benefits: 

• Flexible work schedules and an unlimited time-off policy
• Fully paid and trans-inclusive health, dental, and vision insurance for employees and their families; plus fully-paid health reimbursement arrangement to use for out of pocket expenses and fully-paid short- and long-term disability 
• Fully paid basic and AD&D life insurance and a voluntary supplemental life insurance option
• Dependent and health care flexible spending account options
• Employee Assistance Program (EAP) benefits for employees 
• Automatic 2% Employer-paid 401K contribution, plus up to an additional 6% match on employee contributions
• A minimum of three months paid medical, family and parental leave (for all new parents, adoptions included)
• Commuter or home-office benefits, including a $1,000 home-office setup allowance for all new full-time remote employees
• Additional perks including quarterly snack deliveries and digital subscriptions to the Boston Globe & New York Times

ActBlue is unable to sponsor work visas at this time.

UNION INFORMATION

Supervisory role not part of the Bargaining Unit position: Certain employees who report to this position may be covered by a collective bargaining agreement.

BACKGROUND CHECKS

As part of our hiring process, ActBlue will conduct a background check at the time of offer. This will be completed in compliance with applicable laws and will not be initiated without your consent.

INCLUSION STATEMENT FROM ACTBLUE

ActBlue is committed to equal employment opportunities and fostering a diverse, inclusive workplace. We celebrate unique perspectives, honor the dignity of all individuals, and recognize that diverse backgrounds and identities strengthen our mission.

If you’re passionate about our work and see yourself in this role, we encourage you to apply—even if you don’t meet every requirement.

We also provide reasonable accommodations for individuals with disabilities throughout the hiring process and employment. To request an accommodation, email [email protected].